-
Hello, I am a college student currently working on a senior project.
Looking through your JavaScript security queries, I noticed that CWE-326 only had one query and was not as fleshed out as the d…
-
Test case:
```go
package main
import (
"net/http"
"net/url"
)
func testssrf(req *http.Request) {
host := req.URL.Query().Get("host")
u, _ := url.Parse("http://example")
// The…
```
-
Hello, I am trying to restrict flows to only include those that have a source flow that is used as a query parameter.
For example, say authToken is a source,
```
String urlString = "http://au…
```
-
> Netsparker Enterprise detected that weak ciphers are enabled during secure communication (SSL).
You should allow only strong ciphers on your web server to protect secure communication with your vis…
-
This ticket is about hardening the configuration files to be secure by default.
-
CWE-1326 Missing OBEX
-
### Feature description
Give a meaningful validation error message for the user when password validation fails.
### Why would it be useful?
It would be more user-friendly.
### Additional context
Ch…
-
I'm building a [CWE API consumer][cwe_api] in Rust that uses the `openapi.json` file in this repo as the basis for code generation.
As part of testing this code, I've encountered several API respon…
-
There is a CWE in the test file. It has Password in Configuration File.
-
Check out the CWE_89 SQL Injection.